Corporate websites are becoming the main distributors of malware as hackers and spammers look for methods of distributing spam and trojans, according to a new study by Symantec.

In 2008, there were web attacks from 808,000 unique domains, and many of their targets were mainstream corporate websites, the report said.

Normally malware comes from gaming, adult material and pirated software sites, but now it seems that corporate websites are being directly attacked and used as distribution points.

Most of the attacks come in the form of SQL injections. The attackers make changes in the source codes of websites and inject commands that compromise the sites. Third party advertisements are also being used to redirect users to malicious websites. Notably, in one instance, the Embassy of the Republic of Azerbaijan in Pakistan and Hungary has been controlled by the hackers who then infected visitors with malware.

Spam is another growing menace. Previously, staff members used to receive an average of 2-3 spam mails per day, a figure that has now has increased to 200-300 per day.

With IT security expenditure expected to be cut as a result of the recession, it is predicted that the number of attacks will grow further in 2009.